[Web4lib] [web4lib] survey on library website third partyanalytics privacy concerns
Robert L. Balliot
rballiot at oceanstatelibrarian.com
Thu Aug 26 12:48:17 EDT 2010
There is a certain didactic irony in this assessment.
First, it assumes that non-profits somehow escape market pressure. For those
of us who have done fund raising for non-profits, I assure you that is not
the case. In an ideal world, non-profits would all be working towards a
collective good. But, at the most basic level, they merely meet the
requirements of being tax exempt. Salaries can be extremely profitable to
the non-profit and contributions often come with many, many strings
attached.
Second, the reason for creating anonymous records is apparently to hide them
from warranted government searches - where government is the only entity
that guarantees a right to privacy. But, all web traffic goes through
for-profit nodes. Warrants can be served on those nodes.
Third, it presumes insulation as if any library operates online
independently of the rest of the web. I think this is one of the most
prevalent misconceptions which certainly has its basis in the historic
nature of libraries as unique options for information discovery.
I thought Brian Tingle presented a very realistic assessment of the reasons
to use Google Analytics along with informing the patrons of their options.
And, beyond that, with Libraries trying to maintain relevancy the proper use
of GA can help improve marketing of library services.
*************************************************
Robert L. Balliot
Skype: RBalliot
Bristol, Rhode Island
http://oceanstatelibrarian.com/contact.htm
*************************************************
-----Original Message-----
From: web4lib-bounces at webjunction.org
[mailto:web4lib-bounces at webjunction.org] On Behalf Of Matthew Decker
Sent: Thursday, August 26, 2010 8:36 AM
To: web4lib at webjunction.org
Subject: Re: [Web4lib] [web4lib] survey on library website third
partyanalytics privacy concerns
WSJ article about google's internal privacy policy battles:
http://online.wsj.com/article/NA_WSJ_PUB:SB100014240527487033097045754135538
51854026.html
A few points to take away from this:
1. IP address is not the only form of tracking, GA specifically sets
tracking cookies, also flash and LSO tracking are becoming much more
prevalent.
2. Google is a for-profit corporation and like any other is subject to
market pressures. Larry Page fought against using cookies for
advertising tracking, but eventually gave in. Right now the only thing
stopping them from connecting together searches, gmail, ads, analytics,
orkut, maps, android phone contacts backups, etc., is their current
policy which could be changed at any time. What obligations do they
have for this free service you're taking advantage of.
3. One reason to anonymize checkout records is so they can not be
summoned by a court if you don't have them, but whatever data you send
to google could be:
"... concludes that it is required by law or has a good faith belief
that access, preservation or disclosure of such information is
reasonably necessary to protect the rights, property or safety of
Google, its users or the public..."
- http://www.google.com/analytics/tos.html
4. What was Google built on in the first place, and what do they do
best, data mine! They have and could infer an amazing amount of
information about people that never even intentionally use their
services. It makes their personal data clearinghouse idea mentioned
even more scary! Yes I know they haven't chosen to do that, at least
not yet.
5. Do you realize what information you are sending to GA? Search terms
in your online catalog, book or article titles viewed, checked out, etc.
There are other varying levels of free ways to gather
analytics/statistics. We use awstats for log files and also recently
started using piwik <http://piwik.org/> for sites we don't have log file
access to. They even have an anonymizeip plugin for German sites that
consider ip addresses to be personally identifiable. Yes GA is an
amazing analytics service, but even though it's not monetary, there is a
price you and your users pay for you using it.
On 8/25/10 5:56 PM, Thomas Edelblute wrote:
> Interesting, the only reports I have seen have been pages viewed.
>
> But IP addresses bring up additional problems in my mind. First, is DHCP.
How do I know which computer was using which address at a particular time
when those addresses are changed by the system? The second is NAT. Every
computer in the City of Anaheim goes out through at single IP address, and
is seen on the Internet as that single NAT address. So everyone in the
Public Library will be seen the same as a public employee out on the
Internet. I am also going to assume that anyone who accesses the library
web site from work will also come from a single NAT address for their place
of employment.
>
> Tom
>
>
> -----Original Message-----
> From: Mutch, Andrew [mailto:AMutch at twp.waterford.mi.us]
> Sent: Wednesday, August 25, 2010 12:16 PM
> To: Thomas Edelblute
> Cc: web4lib at webjunction.org
> Subject: RE: [Web4lib] [web4lib] survey on library website third
partyanalytics privacy concerns
>
> Thomas,
>
> It would depend on how much information your web site is logging. But in
> my experience, logging can include IP addresses and pages visited, which
> can tell you a good deal about what a person is viewing on your web
> site.
>
> Andrew Mutch
> Library Systems Technician
> Waterford Township Public Library
> Waterford, MI
>
>
>
> -----Original Message-----
> From: Thomas Edelblute [mailto:TEdelblute at anaheim.net]
> Sent: Wednesday, August 25, 2010 2:42 PM
> To: Mutch, Andrew; web4lib at webjunction.org
> Subject: RE: [Web4lib] [web4lib] survey on library website third
> partyanalytics privacy concerns
>
> I am told that in California, library privacy laws pertains specifically
> to library circulation and library registration records. In practice we
> tend to apply to universally to any information we have on a library
> patron.
>
> But is seems to me that web site statistics are just a general
> aggregation of numbers for your whole population and does not identify
> individual sessions or people.
>
> Tom
>
>
> -----Original Message-----
> From: web4lib-bounces at webjunction.org
> [mailto:web4lib-bounces at webjunction.org] On Behalf Of Mutch, Andrew
> Sent: Wednesday, August 25, 2010 5:10 AM
> To: web4lib at webjunction.org
> Subject: Re: [Web4lib] [web4lib] survey on library website third party
> analytics privacy concerns
>
> I know in Michigan that libraries have a legal obligation to protect
> patron privacy particularly when it comes to information that the
> library collects related to patron usage of the library systems. I don't
> know the privacy laws in other states but libraries in Michigan don't
> have the luxury of blithely dismissing such concerns and claiming that
> it's the user's responsibility to ensure the privacy of their data.
>
> Andrew Mutch
> Library Systems Technician
> Waterford Township Public Library
> Waterford, MI
>
> -----Original Message-----
> From: web4lib-bounces at webjunction.org
> [mailto:web4lib-bounces at webjunction.org] On Behalf Of Robert Balliot
> Sent: Wednesday, August 25, 2010 8:04 AM
> To: David Kane
> Cc: web4lib at webjunction.org
> Subject: Re: [Web4lib] [web4lib] survey on library website third party
> analytics privacy concerns
>
> There is no privacy on the Internet. You might be able to use
> Tor<http://www.torproject.org/> to orchestrate a certain level of
> anonymity and use encryption and https to hide information in transit,
> but you can't have a reasonable expectation that using a Library website
> is private other than it being somewhat private within a library
> network.
>
> Given the proliferation of personal information on social network sites,
> many users have seemed to value their immediate social status much more
> highly than their privacy. The burden is on the user.
>
> R. Balliot
> http://oceanstatelibrarian.com
>
>
> On Wed, Aug 25, 2010 at 4:09 AM, David Kane<dkane at wit.ie> wrote:
>
>> Libraries knowing your IP address is one thing. I don't think that
>> this is a serious issue because no librarian I know is going to pore
>> over reams of IP addresses to try and connect particular real
>> individuals to possible book crimes.
>>
>> However, Google analytics works in such a way as to make it possible
>> for individual users to be tracked across all sites that use Google
>> analytics. If those users also have Google accounts, as many do, then
>> suddenly Google is going to know a lot about you, as an individual.
>> Using something else would remove any significant privacy concerns
>> that I might have about this. One such program might be AWstats,
>> which analyses the server log files.
>>
>> David.
>>
>> On 25 August 2010 00:12, Brian Tingle
>> <brian.tingle.cdlib.org at gmail.com>
>> wrote:
>>> |There are a number of references to 'privacy concerns' in some of
>>> |the responses.
>>> |
>>> |Do these concerns have any validity, or to they arise from
>>> |uncertainty and insufficient understanding of the technologies used
>>> |to gather these data?
>>>
>>> I think that is an open question. Like most things, there are trade
>> offs.
>>> As I understand it, German law considers IP addresses to be
>>> personally identifying information, and .de web site operators are
>>> not allowed to track this.
>>>
>>>
>> http://dees-club.com/google-analytics-german-privacy-paid-analytics-to
>> ols/
>>> My libraries' current interpretation of privacy policy categorizes
>>> IP addresses as personally identifying information.
>>>
>>> Even if no personally identifying information is logged, research
>>> suggests that with enough data tied to a specific yet not personally
>>> identified user such as with the cookies used by google analytics,
>>> data can be de-anonymized
>>>
>>> http://en.wikipedia.org/wiki/AOL_search_data_scandal
>>>
>> http://www.wired.com/politics/security/commentary/securitymatters/2007
>> /12/securitymatters_1213
>>> I think it is important that a) library privacy policies clearly
>>> indicate the use of google analytics on their websites and b) make
>>> it clear to end users that they may opt-out of behavioral tracking
>>>
>>> http://tools.google.com/dlpage/gaoptout?hl=en
>>>
>>> I've put in a proposal to have a discussion on this topic at the
>>> Digital Library Federation Fall Forum.
>>>
>>> -- Brian
>>>
>>>
>>> _______________________________________________
>>> Web4lib mailing list
>>> Web4lib at webjunction.org
>>> http://lists.webjunction.org/web4lib/
>>>
>>>
>>
>>
>> --
>> David Kane, MLIS.
>> Systems Librarian
>> Waterford Institute of Technology
>> Ireland
>> http://library.wit.ie/
>> T: ++353.51302838
>> M: ++353.876693212
>>
>>
>> _______________________________________________
>> Web4lib mailing list
>> Web4lib at webjunction.org
>> http://lists.webjunction.org/web4lib/
>>
>>
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
>
>
>
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
>
>
>
> THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL OR ENTITY TO
> WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED,
> CONFIDENTIAL, AND EXEMPT FROM DISCLOSURE UNDER APPLICABLE LAWS. If the
> reader of this message is not the intended recipient, or the employee or
> agent responsible for delivering the message to the intended recipient,
> you are hereby notified that any dissemination, distribution,
> forwarding, or copying of this communication is strictly prohibited. If
> you have received this communication in error, please notify the sender
> immediately by e-mail or telephone, and delete the original message
> immediately. Thank you.
>
>
>
> THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL OR ENTITY TO
WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED,
CONFIDENTIAL, AND EXEMPT FROM DISCLOSURE UNDER APPLICABLE LAWS. If the
reader of this message is not the intended recipient, or the employee or
agent responsible for delivering the message to the intended recipient, you
are hereby notified that any dissemination, distribution, forwarding, or
copying of this communication is strictly prohibited. If you have received
this communication in error, please notify the sender immediately by e-mail
or telephone, and delete the original message immediately. Thank you.
>
>
>
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
>
_______________________________________________
Web4lib mailing list
Web4lib at webjunction.org
http://lists.webjunction.org/web4lib/
More information about the Web4lib
mailing list